by pjc50
4172 days ago
Broadly I agree; the original work on access control assumed that it was users who might be untrustworthy and programs were safe, in a "classified documents" context. However, applying program-level access control is very un-UNIX. How do you compose multiple programs with different security regimes? This bug happened because the "steam" program called the "rm" program via the "shell" program. Inheriting capabilities mostly solves this, but we're familiar with how hard SELinux is to use as a result, and it still doesn't save the user from command-line typos. I think it's time to make a stronger case for time-reversible filesystems. Accidental deletion matters less if you can just get in your time machine.